<?php
declare (strict_types = 1);

namespace app\middleware;

use Closure;

class Cors
{
    /**
     * 处理请求
     *
     * @param \think\Request $request
     * @param \Closure       $next
     * @return Response
     */
    public function handle($request, Closure $next, ? array $header = [])
    {
        $h=[
            'Access-Control-Allow-Origin'=>'*',
            'Access-Control-Allow-Credentials' => 'true',
            'Access-Control-Max-Age'           => 1800,
            'Access-Control-Allow-Methods'     => 'GET, POST, PATCH, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers'     => 'Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With',
        ];
        $header = !empty($header) ? array_merge($h, $header) : $h;
        return $next($request)->header($header);
    }
}
